The IG called on the Energy Department’s and National Nuclear Security Administration’s CIOs to coordinate with other departmental officials to ensure that department policies are updated to reflect current requirements for securing national security information systems.
It also recommended that they prioritize and immediately implement high-risk security controls, such as segregation of duties and two-factor authentication, to protect the department’s classified information and systems, something the department agreed with.
In response to another recommendation the department stated that each of the program’s cyber security plans have been updated to reflect requirements in the department’s new national security system manual.
NNSA also stated that it recently updated its cyber security policies and is working to implement the recommendations contained in the report.
